Archive | July, 2014

XSSYA – Cross Site Scripting (XSS) Scanner Tool

Use Netsparker


XSSYA is a Cross Site Scripting Scanner & Vulnerability Confirmation Tool, it’s written in Python and works by executing an encoded payload to bypass Web Application Firewalls (WAF) which is the first method request and response. If the website/app responds 200 it attempts to use “Method 2” which searches for the payload decoded in the web page HTML code if it confirmed get the last step which is to execute document.cookie to get the cookie.

XSSYA - Cross Site Scripting (XSS) Scanner Tool

XSSYA Features


  • Supports HTTPS
  • After Confirmation (execute payload to get cookies)
  • Can be run in Windows & Linux
  • Identifies 3 types of WAF (mod_security, WebKnight & F5 BIG IP)
  • XSSYA Continue Library of Encoded Payloads To Bypass WAF (Web Application Firewall)
  • Support Saving The Web HTML Code Before Executing the Payload Viewing the Web HTML Code into the Screen or Terminal

We have written about a couple of XSS related tools before:

XSS-Proxy – Cross Site Scripting Attack Tool
XSS Shell v0.3.9 – Cross Site Scripting Backdoor Tool

You can download XSSYA here:

xssya.py

Or read more here.

Posted in: Hacking Tools, Web Hacking

Topic: Hacking Tools, Web Hacking


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Microsoft China Offices Raided By Government

Use Netsparker


There has been a lot of back and forth between the US government and China when it comes to cyber-terrorism or cyber-espionage, valuable secrets being sought out by both sides. For political and commercial purposes, and if you’ve watched any movies lately you’ll know the ‘China Hackers’ are almost super human.

Microsoft China

This time the Chinese government has targeted Microsoft China across all 4 regional offices as a part of a currently unnamed, unknown investigation.

A Microsoft spokesperson has confirmed its four offices in China have been raided as part of a surprise investigation by government officials most likely related to US-Chinese cyber tensions.

Both the US and Chinese governments have been engaging in tit-for-tat claims of cyberespionage, particularly when it comes to corporate affairs, and now China is looking to investigate one of the US’s largest tech companies to determine whether it is working with the US government to spy on its citizens and companies.

According to Reuters, the four Chinese offices Microsoft operates are in Beijing, Shanghai, Guangzhou and Chengdu. Tensions appeared to have eased somewhat when Microsoft announced last April it was about to begin selling the Xbox One gaming console in China, the first US gaming console allowed to be sold in the country in more than a decade.


Microsoft is obviously being very PR about the whole thing, and most analysts felt the situation was fairly good since the announcement that that Xbox One will be sold in China.

So really, a console can solve political tension and US-China digital conflict? Why didn’t we know that earlier!

The Microsoft spokesperson admitted the inspection was a surprise and did not go into the specifics of why it had been instigated.

“We aim to build products that deliver the features, security and reliability customers expect and we’re happy to answer the government’s questions.”

Despite its progress with the Xbox One, the Chinese government last May has increased its weariness of the Windows operating system, having requested that all of its central government offices must not use Windows 8 on new computers.

I’m not sure if any more news of this will come out, as this things tend to be fairly rapidly brushed under the carpet. But we shall keep an eye out and see if the Chinese government really have their heart set on disrupting Microsoft China.

Source: Silicon Republic

Posted in: Legal Issues

Topic: Legal Issues


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Gauntlt – Security Testing Framework For Developers & Ops

Use Netsparker


Gauntlt is a security testing framework that provides hooks to a variety of security tools and puts them within reach of security, dev and ops teams to collaborate to build rugged software. It is built to facilitate testing and communication between groups and create actionable tests that can be hooked into your deploy and testing processes.

Gauntlt - Security Testing Framework For Developers & Ops

To use gauntlt, you will need one or more attack files. An attack file is a plain text file written with Gherkin syntax and named with the .attack extension. For more info on the Gherkin syntax, have a look at Cucumber. A gauntlt attack file is almost the same as a cucumber feature file. The main difference is that gauntlt aims to provide the user with predefined steps geared towards security and durability testing so that you do not have to write your own step definitions, whereas cucumber is aimed at developers and stakeholders building features from end to end. Gauntlt and cucumber can and do work together harmoniously.

Example attack file:

Features

  • Gauntlt attacks are written in a easy-to-read language
  • Easily hooks into your org’s testing tools and processes
  • Security tool adapters come with gauntlt
  • Uses unix standard error and standard out to pass status

Tools Supported

You will need to install each tool yourself before you can use it with gauntlt. However, if you try to use a tool that is not installed or that gauntlt cannot find, you will get a helpful error message from gauntlt with information on how to install and/or configure the tool for use with gauntlt.

The authors also include a generic attack adapter that allows you to run anything on the command line, parse its output and check its exit status.

You can download Gauntlt here (using the starter kit):

Pre-requisites

  • Virtual Box
  • Vagrant

Or read more here.

Posted in: Security Software

Topic: Security Software


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Clear Your Cookies? You Can’t Escape Canvas Fingerprinting

The New Acunetix V12 Engine


So tracking is getting even trickier, it seems canvas fingerprinting would work in any browser that supports HTML5 and is pretty hard to stop as a user, as it’s a basic feature (a website instructing your browser to draw an image using canvas).

And it turns out, every single browser will draw the image slightly differently, so they can track you regardless of your cookie/privacy settings by asking your browser to redraw the image then I assume quickly scanning a database of image checksums for a match.

Canvas Fingerprinting

It wouldn’t exactly tie to your identity (unless you did it on a site that requires/supports login) but it would tie your usage together across sites, especially any sites using AddThis (which I could never stand).

A new, extremely persistent type of online tracking is shadowing visitors to thousands of top websites, from WhiteHouse.gov to YouPorn.com.

The type of tracking, called canvas fingerprinting, works by instructing the visitor’s web browser to draw a hidden image, and was first documented in a upcoming paper by researchers at Princeton University and KU Leuven University in Belgium. Because each computer draws the image slightly differently, the images can be used to assign each user’s device a number that uniquely identifies it.

Like other tracking tools, canvas fingerprints are used to build profiles of users based on the websites they visit — profiles that shape which ads, news articles or other types of content are displayed to them.

But fingerprints are unusually hard to block: They can’t be prevented by using standard web browser privacy settings or using anti-tracking tools

The researchers found canvas fingerprinting computer code, primarily written by a company called AddThis, on 5% of the top 100,000 websites. Most of the code was on websites that use AddThis’ social media sharing tools. Other fingerprinters include the German digital marketer Ligatus and the Canadian dating site Plentyoffish. (A list of all the websites on which researchers found the code is here).


A lot of sites use AddThis, so a lot of users are being tracked, the article/research states 5% of the top 100,000 websites. So at least 5000 high traffic sites are capturing user data in this rather underhanded way.

I can foresee a lot of people removing AddThis from their sites if this news gets any kind of traction.

You can find a list of the sites with the fingerprinting code here – Sites with canvas fingerprinting scripts

Rich Harris, chief executive of AddThis, said that the company began testing canvas fingerprinting earlier this year as a possible way to replace “cookies,” the traditional way that users are tracked, via text files installed on their computers.

“We’re looking for a cookie alternative,” Harris said in an interview.

Harris said the company considered the privacy implications of canvas fingerprinting before launching the test, but decided “this is well within the rules and regulations and laws and policies that we have.”

He added that the company has only used the data collected from canvas fingerprints for internal research and development. The company won’t use the data for ad targeting or personalization if users install the AddThis opt-out cookie on their computers, he said.

Arvind Narayanan, the computer science professor who led the Princeton research team, countered that forcing users to take AddThis at its word about how their data will be used, is “not the best privacy assurance.”

It’s all pretty shady, but honestly we have to assume people are doing this type of stuff because one of those most valuable things you can create from the Internet is user data. Especially usage/consumption patterns, even if it doesn’t tie to specific humans – the data itself is very valuable to people making marketing decisions based on it.

Plus whatever AddThis is doing isn’t regulated in any way, so they can say they are gonna stop/change but just continue on anyway. If you wear a Tinfoil hat, you are probably already using Tor Browser anyway – so good for you.

The full paper is also available here – The Web Never Forgets [PDF]

Source: Mashable

Posted in: Privacy

Topic: Privacy


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


clipcaptcha – CAPTCHA Service Impersonation Tool

Use Netsparker


clipcaptcha is an extensible and signature based CAPTCHA Provider impersonation tool based off Moxie Marlinspike’s sslstrip codebase, which we mentioned back in 2009 – SSLstrip – HTTPS Stripping Attack Tool.

Depending on its mode of operation it may approve, reject or forward the CAPTCHA verification requests. It maintains an easy to edit XML configuration file that it queries to identify CAPTCHA provider request formats and render corresponding responses.

clipcaptcha - CAPTCHA Service Impersonation Tool

Signature based CAPTCHA provider detection

All CAPTCHA providers are basically HTTP based custom web services. These services accept CAPTCHA validation requests in a particular format and respond with finite set of responses that allow the clients to make Boolean choices to allow or disallow the request. clipcaptcha takes advantage of this finite and predictable request and response data set to implement signature based request detection and response system.

Running clipcaptcha

The four steps to getting this working on Linux are:

1. Enable forwarding mode on your machine

2. Setup iptables to redirect HTTP traffic to clipcaptcha.

3. Run arpspoof to redirect the traffic to your machine.

4. Run clipcaptcha in one of its mode of operation.

Requirements

It requires Python 2.5 or newer, along with the ‘twisted’ python module.

You can download clipcaptcha here:

clipcaptcha-v0.1.zip

Or read more here.

Posted in: Hacking Tools, Networking Hacking, Secure Coding

Topic: Hacking Tools, Networking Hacking, Secure Coding


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.


Microsoft Says You SHOULD Re-use Passwords Across Sites

Use Netsparker


Ok so we constantly tell people not to reuse passwords across sites, because if they are stored in plain text (and leaked) those naughty hackers now have your e-mail address AND your password and can wreak havoc on your life.

Which is pretty much true, but Microsoft disagrees and there is some validity to what they say, if you MUST re-use passwords (which you shouldn’t) – do so only on low risk sites (anything without payment details really).

Re-use Passwords - what madness!

Keep the good passwords for the important sites (like online banking).

As for me, I say use a bloody password manager, generate different passwords for every site and make them all strong! A good online password manager is free, and even though some of them appear to not be totally secure (as we wrote a few days ago) – they are certainly better than not using one.

Microsoft has rammed a research rod into the security spokes of the internet by advocating for password reuse in a paper that thoroughly derails the credentials best practise wagon.

Password reuse has become a pariah in internet security circles in recent years following a barrage of breaches that prompted pleas from hacked businesses and media outlets to stop repeating access codes across web sites.

The recommendations appeared logical; hackers with email addresses and passwords in hand could test those credentials against other websites to gain easy illegal access.

Now Redmond researchers Dinei Florencio and Cormac Herley, together with Paul C. van Oorschot of Carleton University, Canada, have shot holes through the security dogma in a paper Password portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts (PDF).

The trio argue that password reuse on low risk websites is necessary in order for users to be able to remember unique and high entropy codes chosen for important sites.


I’m not sure why we are arguing about this though, I honestly don’t even know any of my passwords any more (or try to remember then) as for one, I have over 100 and I don’t have to. I use a password manager (PassPack in my case).

I only need to remember 1 login/password combo and 1 really strong keyphrase (which even the experts agree, is way better than a contiguous password).

Users should therefore slap the same simple passwords across free websites that don’t hold important information and save the tough and unique ones for banking websites and other repositories of high-value information.

“The rapid decline of [password complexity as recall difficulty] increases suggests that, far from being unallowable, password re-use is a necessary and sensible tool in managing a portfolio,” the trio wrote.

“Re-use appears unavoidable if [complexity] must remain above some minimum and effort below some maximum.”

Password sets should be reused across groups of websites. Those sites holding little personal information could be placed in the users’ ‘go-ahead-and-hack-me’ bucket protected by codes like P@ssword1, while sites where pwnage would trigger fire and brimstone should be protected by complex and unique login credentials.

Hackable groups “should be very exposed” and “should have weak passwords”, the researchers said, because pushing users to light up even a small amount of grey matter “would be wasteful”.

The Redmond research realises the realities of userland security; People are bad at remembering passwords and seemingly worse at caring about the issue of security.

Research published in 2012 found the average Brit glued the same five passwords to their 26 online accounts while one in 25 used the same code for everything.

You can read the full paper here – Password portfolios and the Finite-Effort User: Sustainably Managing Large Numbers of Accounts [PDF]

The whole issue is kind of sad if you ask me.

It’ll be interesting to see if any kind of counter-studies are done on this, or anyone comes out with a rebuttal of any sort. It’s a little odd to release a research paper on something that’s basically an opinion though.

Source: The Register

Posted in: Hacking News

Topic: Hacking News


Latest Posts:


Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.